Closed Bug 988565 Opened 10 years ago Closed 10 years ago

403 error when logging in with Persona

Categories

(Mozilla QA Graveyard :: One and Done, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED WORKSFORME
Future

People

(Reporter: mschifer, Unassigned)

Details

Attachments

(1 file)

Attached image error screen
Using Persona to log into One and Done with my account results in a 403 error page being displayed, yet it still logs me in. Hitting the back button will show me as logged in and I am able to continue using the site.

Error Page displays:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.


Web Console:
POST https://oneanddone.mozilla.org/en-US/browserid/login/ [HTTP/1.1 403 Forbidden 35ms]
GET https://beacon-3.newrelic.com/1/42869b6ed3 [HTTP/1.1 200 OK 64ms]

Screen Shot attached.
Mike, sorry to bug you (esp. /just/ after we shipped), but is this something you can look into/help us look into?
Flags: needinfo?(mkelly)
Can you consistently replicate this? I can't get it to happen consistently on my end. If you can, does it happen on https://oneanddone.paas.allizom.org as well?

If you can, then it might be a good idea for us to upgrade to the latest django-browserid and see if that fixes the issue for you on the stage.
Flags: needinfo?(mkelly)
It is now taking me to a new profile page instead. Did my account get deleted/reset?
I think I might know what's going on. Marc, you have an admin account for the system, correct? I think there is an issue when you have an admin account and also log in as a regular user. If the email addresses are the same I believe it can be a problem. I think this only happens when you are logged in with your admin account and then also try to access the regular user view.

I'll bet Mike understands all this better than I do, but perhaps a quick fix would be to change the email addresses in the database for all of the admins so they do not point to the people's actual email addresses?

If there is a code fix possible, please let me know, Mike, and I can look into it.
Flags: needinfo?(mkelly)
(In reply to Bob Silverberg [:bsilverberg] from comment #4)
> I think I might know what's going on. Marc, you have an admin account for
> the system, correct? I think there is an issue when you have an admin
> account and also log in as a regular user. If the email addresses are the
> same I believe it can be a problem. I think this only happens when you are
> logged in with your admin account and then also try to access the regular
> user view.

Nah, that shouldn't result in a 403. That would result in being redirected to the login screen with an error message stating that there was some sort of problem logging in.

If you have an admin account and you log into the site, it should just use your admin account, because it matches by email address. However, if you already logged into the site and someone makes you an admin account without checking to see if you already have a normal account, then you can end up with two accounts by accident, and that causes a login failure with the error message.

There are only three users who have two accounts with the same emails: bsilverberg, edwong, and gmealer. bsilverberg, can you confirm what happens when you attempt to log in to the site with Persona?
Flags: needinfo?(mkelly)
This would be using your bsilverberg@mozilla.com email, by the way.
1. Log out of all accounts.
2. Try to log in to the public site, using my mozilla.com account.

Result: I get the following error message:

"There was a problem signing you in. Please try again. If you continue to have issues logging in, let us know by emailing oneanddone@mozilla.com."

1. Log in to the admin.
2. Try to log in to the public site, using the same email (my mozilla.com account).

Result: I am presented with the "User Profile" screen, and the "Sign out" link in the upper right-hand corner doesn't do anything. Clicking it just keeps me on the same page.

So neither results in a 403, but neither is a good thing either. I am going to delete my non-admin account and see what difference that makes.
Doing that seemed to clean things up for me, but this doesn't address the 403 issue. Sorry for the red herring, Mike.
(In reply to Bob Silverberg [:bsilverberg] from comment #8)
> Doing that seemed to clean things up for me, but this doesn't address the
> 403 issue. Sorry for the red herring, Mike.

No problem. You can go ahead and delete the non-admin accounts for the other two as well, provided that they're okay with possibly losing any completed task or feedback data. I highly doubt there's any that they should care about, but it's probably a good idea to notify them just in case.
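
The duplicate-account failure mode described in the comments above, as an added example that is not part of the bug thread or of django-browserid's code: a small Python model of matching a verified email to accounts, plus an audit that lists addresses with more than one account. The sample records, function names and the case-insensitive comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample accounts (not data from the bug): (id, email, is_staff)
SAMPLE_USERS = [
    (1, "alice@example.com", False),
    (2, "Alice@Example.com", True),   # admin account created later, same address
    (3, "bob@example.com", False),
    (4, "carol@example.com", True),
]


def normalize(email):
    """Assumption: addresses are compared case-insensitively, whitespace ignored."""
    return email.strip().lower()


def users_for_email(users, email):
    """Return every account whose address matches the verified email."""
    wanted = normalize(email)
    return [u for u in users if normalize(u[1]) == wanted]


def login_outcome(users, verified_email):
    """Model the three outcomes of matching a verified email to accounts."""
    matches = users_for_email(users, verified_email)
    if not matches:
        return ("new_profile", None)      # no account yet: first-time user
    if len(matches) > 1:
        return ("login_failed", None)     # ambiguous match: refuse, do not guess
    return ("logged_in", matches[0][0])


def duplicate_emails(users):
    """Audit: map each address that has more than one account to its ids."""
    by_email = defaultdict(list)
    for user_id, email, _is_staff in users:
        by_email[normalize(email)].append(user_id)
    return {e: ids for e, ids in by_email.items() if len(ids) > 1}


if __name__ == "__main__":
    for addr in ("alice@example.com", "bob@example.com", "dave@example.com"):
        print(addr, login_outcome(SAMPLE_USERS, addr))
    print("duplicates:", duplicate_emails(SAMPLE_USERS))
```

Running the audit before creating an admin account for an existing user, or before deleting one of a pair, shows which addresses would hit the ambiguous-match branch.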
Moving to the v2 queue
Target Milestone: --- → Milestone 1
Version: Version 1 → Version 2
Moving out as it may be fixed with Persona upgrades, less priority than others.
Target Milestone: Milestone 1 → Future
Version: Version 2 → unspecified
Is this error still happening?
Flags: needinfo?(bob.silverberg)
This no longer repros
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Marking as worksforme as it hasn't been an issue in a long time
Resolution: FIXED → WORKSFORME
Status: RESOLVED → VERIFIED
Flags: needinfo?(bob.silverberg)
Product: Mozilla QA → Mozilla QA Graveyard